"""
Database models for file integrity tracking.

Provides efficient storage of file checksums and verification statistics
with sparse logging of failures for audit trail.
"""

from sqlalchemy import (
    Column,
    Integer,
    String,
    Text,
    Boolean,
    Float,
    ForeignKey,
)
from sqlalchemy.orm import relationship
from sqlalchemy_utc import UtcDateTime, utcnow

from .base import Base


class FileIntegrityRecord(Base):
    """
    Track file integrity with embedded statistics.

    Stores current checksum and verification stats for files.
    Only failures are logged to separate table for efficiency.
    """

    __tablename__ = "file_integrity_records"

    # Identity
    id = Column(Integer, primary_key=True, autoincrement=True)
    file_path = Column(Text, nullable=False, unique=True, index=True)
    file_type = Column(
        String(50), nullable=False, index=True
    )  # 'faiss_index', 'pdf', 'export'

    # Current state
    checksum = Column(String(64), nullable=False)  # SHA256 hash
    algorithm = Column(String(20), default="sha256")
    file_size = Column(Integer, nullable=True)
    file_mtime = Column(
        Float, nullable=True
    )  # OS modification time for smart verification

    # Policy
    verify_on_load = Column(
        Boolean, default=True
    )  # Should this file be verified before use?
    allow_modifications = Column(
        Boolean, default=False
    )  # Can file be legitimately modified? (PDFs=True, FAISS=False)

    # Embedded statistics (for efficiency)
    total_verifications = Column(Integer, default=0)
    last_verified_at = Column(UtcDateTime, nullable=True)
    last_verification_passed = Column(Boolean, default=True)
    consecutive_successes = Column(Integer, default=0)
    consecutive_failures = Column(Integer, default=0)

    # Timestamps
    created_at = Column(UtcDateTime, default=utcnow())
    updated_at = Column(UtcDateTime, onupdate=utcnow())

    # Polymorphic relationship - can link to any entity
    related_entity_type = Column(
        String(50), nullable=True
    )  # 'rag_index', 'library_document', etc.
    related_entity_id = Column(Integer, nullable=True)

    # Sparse history - only failures logged
    verification_failures = relationship(
        "FileVerificationFailure",
        back_populates="file_record",
        cascade="all, delete-orphan",
    )

    def __repr__(self):
        return (
            f"<FileIntegrityRecord(id={self.id}, "
            f"path={self.file_path}, "
            f"type={self.file_type}, "
            f"verifications={self.total_verifications})>"
        )


class FileVerificationFailure(Base):
    """
    Audit trail of file integrity verification failures.

    Only failures are logged to keep storage efficient.
    Provides debugging trail for corruption/tampering incidents.
    """

    __tablename__ = "file_verification_failures"

    id = Column(Integer, primary_key=True, autoincrement=True)
    file_record_id = Column(
        Integer,
        ForeignKey("file_integrity_records.id"),
        index=True,
        nullable=False,
    )

    verified_at = Column(UtcDateTime, default=utcnow())
    expected_checksum = Column(String(64), nullable=False)
    actual_checksum = Column(
        String(64), nullable=True
    )  # Null if file missing/unreadable
    file_size = Column(Integer, nullable=True)
    failure_reason = Column(
        Text, nullable=False
    )  # "checksum_mismatch", "file_missing", etc.

    file_record = relationship(
        "FileIntegrityRecord", back_populates="verification_failures"
    )

    def __repr__(self):
        return (
            f"<FileVerificationFailure(id={self.id}, "
            f"file_record_id={self.file_record_id}, "
            f"reason={self.failure_reason}, "
            f"verified_at={self.verified_at})>"
        )
